Leaders and Boards will often now describe cyber as their most critical business risk.
They know how the threat environment is changing. They are trying to keep up with shifting laws and regulations. And they also increasingly see companies’ reputations suffering in the public arena if cyber crises are mishandled. They are increasingly seeing cyber as a risk to reputation, as well as to business-as-usual.
For companies, the reputational damage of a cyber breach is often less the technical damage done, the money lost, or the regulatory fines. The highest cost is to reputation. Personal and corporate reputations have been lost because the public management of the crisis has gone badly. Companies too often project uncertainty, an interest in shifting the blame, and a lack of confident leadership. It is often this that has the bottom-line cost.
Cyber crises can be managed well, and companies can recover from them. Ensuring that a company is prepared for a cyber crisis is the vital first step, but building your defenses is as much about communicating well, as it is about your technical resilience.